Access control tower

ABSTRACT

Systems, methods, and apparatuses for providing a customer a central location to manage permissions provided to third-parties and devices to access and use customer information maintained by a financial institution are described. The central location serves as a central portal where a customer of the financial institution can manage all access to account information and personal information stored at the financial institution. Accordingly, the customer does not need to log into each individual third-party system or customer device to manage previously provided access to the customer information or to provision new access to the customer information.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of U.S. patent application Ser. No.17/240,087 filed Apr. 26, 2021, which is a continuation of U.S. patentapplication Ser. No. 15/723,078 filed Oct. 2, 2017, now U.S. Pat. No.10,992,679, which claims priority to U.S. Provisional Patent ApplicationNo. 62/529,360 titled “Data Control Tower,” filed Jul. 6, 2017, and toU.S. Provisional Patent Application No. 62/403,396 titled “Data ControlTower,” filed Oct. 3, 2016, and which is a continuation-in-part of U.S.patent application Ser. No. 15/629,423 filed Jun. 21, 2017, which claimspriority to U.S. Provisional Application No. 62/357,737 titled “Systemsand Methods for Location Binding Authentication,” filed Jul. 1, 2016,each of which is incorporated herein by reference in its entirety.

TECHNICAL FIELD

Embodiments of the present disclosure relate to systems and methods formanaging customer data and customer preferences across a plurality ofplatforms.

BACKGROUND

Many customers link information (e.g., account types, account balances,payment account information, etc.) maintained by a financial institutionto devices (e.g., in a mobile wallet on a smartphone, wearable devices,Internet of Things devices, etc.) and to third-party systems (e.g.,financial health monitoring services, merchant e-commerce systems,social media platforms, mobile wallet systems, etc.). The customer mayshare the information with a plurality of different services. Forexample, the customer may provide account information to a financialhealth monitoring service, payment card information to a plurality ofdifferent mobile wallet services, payment card information to theirfavorite retailers, and the like. Once the access is provided, thecustomer can manage preferences relating to the access at each of thethird-party systems (e.g., via a third-party website or smartphoneapplication). However, this process can be cumbersome when the customerhas authorized a plurality of third-parties to have access to theinformation maintained by the financial institution.

SUMMARY

One embodiment relates to a method of managing access to customerinformation associated with a customer of a financial institution. Themethod includes receiving, by a financial institution computing systemassociated with a financial institution, a request to view a set ofaccess permissions from a first user device associated with the user.The method also includes identifying, by the financial institutioncomputing system, the set of access permissions associated with theuser, the set of access permissions identifying an entity or device thatmay request information regarding the user from the financialinstitution. The method also includes generating an access permissiondataset based on the identified set of access permissions. The methodalso includes transmitting, by the financial institution computingsystem, the access permission dataset to the user device to facilitatethe presentation of a data control interface to the customer via theuser device, the data control interface configured to receive userinputs to change the set of data access permissions.

Another embodiment relates to a financial institution computing systemassociated with a financial institution. The financial institutioncomputing system includes a network interface configured to communicatedata over a network and an access control circuit. The access controlcircuit is configured to receive, by the network interface, a request toview a set of access permissions from a first user device associatedwith the user. The access control circuit is also configured to identifythe set of access permissions associated with the user, the set ofaccess permissions identifying an entity or device that may requestinformation regarding the user from the financial institution. Theaccess control circuit is further configured to generate an accesspermission dataset based on the identified set of access permissions.The access control circuit is further configured to transmit, by thenetwork interface, the access permission dataset to the user device tofacilitate the presentation of a data control interface to the customervia the user device, the data control interface configured to receiveuser inputs to change the set of data access permissions.

These and other features, together with the organization and manner ofoperation thereof, will become apparent from the following detaileddescription when taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 is a block diagram of an information control system, according toan example embodiment.

FIG. 2 is a block diagram of a customer mobile device, according to anexample embodiment.

FIG. 3 is a flow diagram of a method of managing access to customerinformation maintained by a financial institution, according to anexample embodiment.

FIGS. 4-7 each show example data control tower customer interfaces,according to example embodiments.

FIGS. 8-9 show third party client application customer interfaces,according to example embodiments.

FIGS. 10-13 each show example data control tower customer interfaces,according to example embodiments.

FIG. 14 is a flow diagram of a method of mitigating potential fraudassociated with access to customer information, according to an exampleembodiment.

FIG. 15 shows an example customer alert interface, according to anexample embodiment.

FIG. 16 shows an example data control tower customer interface,according to an example embodiment.

FIGS. 17-19 each show example data control tower customer interfaces,according to example embodiments.

FIG. 20 shows an example account control customer interface, accordingto an example embodiment.

DETAILED DESCRIPTION

Referring to the figures generally, systems, methods, and apparatusesfor providing a customer a central location to manage permissionsprovided to third-parties and devices to access and use customerinformation maintained by a financial institution are described. Thecentral location serves as a central portal where a customer of thefinancial institution can manage all access to account information andpersonal information stored at the financial institution. Accordingly,the customer does not need to log into each individual third-partysystem or customer device to manage previously provided access to thecustomer information or to provision new access to the customerinformation.

Referring to FIG. 1 , a view of an information management system 100 isshown according to an example embodiment. As described below in furtherdetail, the information management system 100 facilitates the sharing ofcustomer information associated with a customer 102 and maintained by afinancial institution 104 to third-parties systems 106 and customerdevices 108. The shared customer information can include any combinationof account information associated with financial accounts held by thecustomer 102 with the financial institution 104 (e.g., types of accountsowned, account numbers, account balances, transaction information, billdue dates, etc.), documents that the customer 102 stores with thefinancial institution 104 or that are generated by the financialinstitution 104 (e.g., account statements, tax documents, scanneddriver's license/passport, any uploaded files, etc.), and customerpersonal information stored by the financial institution 104 (e.g.,identity information, authentication information, etc.).

The customer 102 is an account holder with the financial institution104. The financial institution 104 includes a financial institutioncomputing system 110. The financial institution computing system 110maintains information about accounts held with the financial institution104 and facilitates the movement of funds into and out of the accounts.Additionally, the financial institution computing system 110 facilitatesthe sharing of and the provision of access to information associatedwith customer accounts to the customer 102, to customer devices 108, andto third-party systems 106. The financial institution computing system110 includes a network interface 112. The network interface 112 isstructured to facilitate data communication with other computing systems(e.g., the customer devices 108, the third-party systems 106, etc.) viaa network 126. The network interface 112 includes hardware and programlogic that facilitates connection of the financial institution computingsystem 110 to the network 126. For example, the network interface 112may include a wireless network transceiver (e.g., a cellular modem, aBluetooth transceiver, a WiFi transceiver, etc.) and/or a wired networktransceiver (e.g., an Ethernet transceiver). In some arrangements, thenetwork interface 112 includes the hardware and programming logicsufficient to support communication over multiple channels of datacommunication (e.g., the Internet and an internal financial institutionnetwork). Further, in some arrangements, the network interface 112 isstructured to encrypt data sent over the network 126 and decryptreceived encrypted data.

The financial institution computing system 110 includes a processingcircuit 114 having a processor 116 and memory 118. The processor 116 maybe implemented as a general-purpose processor, an application specificintegrated circuit (ASIC), one or more field programmable gate arrays(FPGAs), a digital signal processor (DSP), a group of processingcomponents, or other suitable electronic processing components. Thememory 118 includes one or more memory devices (e.g., RAM, NVRAM, ROM,Flash Memory, hard disk storage, etc.) that store data and/or computercode for facilitating the various processes described herein. Moreover,the memory 118 may be or include tangible, non-transient volatile memoryor non-volatile memory.

The financial institution computing system 110 includes an accountmanagement circuit 120 and an access control circuit 122. Although shownas separate circuits in FIG. 1 , in some arrangements, the accountmanagement circuit 120 and/or the access control circuit 122 are part ofthe processing circuit 116. Other arrangements may include more or lesscircuits without departing from the spirit and scope of the presentdisclosure. Further, some arrangements may combine the activities of onecircuit with another circuit to form a single circuit. Therefore, thoseof ordinary skill in the art will appreciate that the presentarrangement is not meant to be limiting. The account management circuit120 is structured to perform various account management functions,including maintaining an accounts database 124, updating accountbalances, applying interest to accounts, processing payments related toaccounts, and the like. The access control circuit 122 is structured tomanage the sharing and provision of customer information to third-partysystems 106 and to customer devices 108 based on permissions andpreferences of the customer 102.

The financial institution computing system 110 includes the accountsdatabase 124. In some arrangements, the accounts database 124 is part ofthe memory 118. The accounts database 124 is structured to hold, store,categorize, and otherwise serve as a repository for informationassociated with accounts (e.g., loan accounts, savings accounts,checking accounts, credit accounts, etc.) held by the financialinstitution 104. For example, the accounts database 124 may storeaccount numbers, account balances, transaction information, accountownership information, and the like. The accounts database 124 isstructured to selectively provide access to information relating toaccounts at the financial institution 104 (e.g., to the customer 102 viaa customer device 108). In some arrangements, the financial institutioncomputing system 110 includes other databases, such as customer documentand information databases structured to store non-account relatedinformation or other documents associated with the customer 102 fordistribution to third-parties at the approval of the customer 102.

Still referring to FIG. 1 , the system 100 includes at least onethird-party system 106. Each third-party system 106 is affiliated with athird-party that the customer 102 can authorize to access informationassociated with the customer 102 that is stored, generated, maintained,and/or controlled in part by the financial institution 104. For example,the third-party systems 106 may be affiliated with any combination ofmerchants (e.g., brick-and-mortar retailers, e-commerce merchants,etc.), financial health companies (e.g., investment firms, Mint®, etc.),mobile wallet systems (e.g., third-party mobile wallet systems notaffiliated with or operated by the financial institution 104, mobilewallet systems affiliated with or operated by the financial institution104), payment networks (e.g., payment networks affiliated with creditcards offered by the financial institution 104), social media networks,service providers (e.g., tax filing services), cloud storage systems(e.g., document back-up systems, such as Google® Drive, Dropbox®, etc.),utility providers (e.g., electric companies, cable companies, cell phoneproviders, gas companies, etc.), messaging networks, personal organizers(e.g., calendar and scheduling services, bill pay services, e-mailsystems, etc.), governments, businesses (e.g., employers, businessesrequesting information concerning the customer 102), or the like. Eachof the third-parties may be provided access to different portions of theinformation associated with the customer 102 that is stored, generated,maintained, and/or controlled in part by the financial institution 104.For example, an e-commerce merchant may be provided access to paymentaccount and billing address information, while a financial healthcompany may be provided access to account balance information andtransaction information. As described in further detail below, thecustomer 102 can provide a given third-party access to designatedinformation, limit access to information, and revoke access toinformation through an access control portal (“access control tower”)provided by the financial institution 104.

The customer 102 is associated with various customer devices 108. Thecustomer devices 108 may include, for example, smartphones, tabletcomputes, laptop computers, desktop computers, wearables (e.g., smartwatches, smart glasses, fitness trackers, etc.), internet of things(“IOT”) devices (e.g., Amazon Echo®, smart appliances, etc.). Each ofthe customer devices 108 may be provided access to different portions ofthe information associated with the customer 102 that is stored,generated, maintained, and/or controlled in part by the financialinstitution 104. For example, a smartphone may be provided access topayment account and billing address information for a mobile walletrunning on the smartphone, while an IOT device may be provided access topayment information, account balance information, and transactioninformation to execute purchases and review transactions. As describedin further detail below, the customer 102 can provide a given customerdevice 108 access to designated information, limit access toinformation, and revoke access to information through the access controltower provided by the financial institution 104. In some arrangements,the customer devices 108 do not communicate with the financialinstitution computing system 110 via the network 126. For example, thecustomer devices 108 can include payment cards (e.g., credit cards,debit cards, smart cards, etc.) that have account information that canbe linked by the financial institution computing system 110 to accountinformation and customer preferences stored at the financial institutioncomputing system 110.

The devices of the system 100 communicate via the network 126. Thenetwork 126 may include any combination of the Internet and an internalprivate network (e.g., a private network maintained by the financialinstitution 104). Through data communication over the network 126, thefinancial institution computing system 110 can share customerinformation with the third-party systems 106 and the customer devices108.

The financial institution computing system 110 includes customerinformation APIs 128 that define how the financial institution computingsystem 110 communicates customer information with the third-partysystems 106 and the customer devices 108. The APIs facilitate thesharing of and access to the customer information stored at thefinancial institution computing system 110 based on permissions andpreferences provided by the customer 102.

The access control circuit 122 controls access to the customerinformation by the third-party systems 106 and the customer devices 108via the APIs 128. In some arrangements, the financial institutioncomputing system 110 provisions requested customer data to a giventhird-party system 106 or customer device 108 for local storage on thethird-party system 106 or the customer device 108. For example, thefinancial institution computing system 110 can provision paymentinformation, such as payment tokens associated with payment accounts, toa mobile wallet system for local storage at the mobile wallet system. Inother arrangements, the financial institution computing system 110provides access to remotely display, present, or analyze customerinformation stored at the financial institution computing system 110while the financial institution computing system 110 retains controlover the customer information. For example, the financial institutioncomputing system 110 can provide access to a financial health system topresent designated customer account information through a financialhealth website, such as balances, transaction information, and the like,when the financial health system requests the information, withoutdirectly transmitting the data to the financial health system.

Generally, through the information management system 100, the customer102 can provision access to customer information to third-party systems106 and to customer devices 108 (e.g., by permitting the third-partysystem 106 or the customer device 108 to communicate with the financialinstitution computing system 110 to retrieve the customer information).The customer information is maintained by the financial institution 104via the financial institution computing system 110. The customerinformation can include any information associated with the customer 102that is generated by or maintained by the financial institution 104,including customer account information (e.g., account numbers, billingaddress, balance information, transaction information, account typeinformation, account statements, etc.), personal information (e.g., dateof birth, social security number, tax identifications, addresses, phonenumbers, e-mail addresses, aliases, etc.), information provided to thefinancial institution 104 during the account opening process (e.g.,driver's license scans, passport scans, marriage certificates, propertydeeds, etc.). Additionally, customer information can include any otherinformation provided by the customer 102 to the financial institution104 for the purposes of controlling access to the provided information.This other information may include data files, personal information,documents, or the like. The customer 102 can provision access to thecustomer information through the third-party, the customer device 108,or via the FI computing system data control tower. Additionally, thecustomer 102 can manage all previously provided access permissions viathe data control tower to change an access level, set permissions,revoke access, or the like. As described herein, the provision of thecustomer information can be managed on a payment level (e.g., managingall third-party and device access to customer account identifyinginformation such as account numbers and billing addresses for thepurposes of making payments), on an application level (e.g., managingthird party and device access to customer information for purposes ofincorporating such information into third party applications), and on adevice level (e.g., managing the devices that may receive the customerinformation).

Referring now to FIG. 2 , a more detailed view of a customer device 108is shown, according to an example embodiment. The customer device 108shown in FIG. 2 is a customer mobile device 200. The customer mobiledevice 200 is structured to exchange data over the network 126, executesoftware applications, access websites, generate graphical customerinterfaces, and perform other operations described herein. The customermobile device 200 may include one or more of a smartphone or othercellular device, a wearable computing device (e.g., eyewear, a watch orbracelet, etc.), a tablet, a portable gaming device, a laptop, and otherportable computing devices.

In the example shown, the customer mobile device 200 includes a networkinterface 202 enabling the customer mobile device 200 to communicate viathe network 126, an input/output device (“I/O” device) 204, third partyclient applications 206, and a financial institution client application208. I/O device 204 includes hardware and associated logics configuredto to exchange information with a customer and other devices (e.g., amerchant transaction terminal). An input aspect of the I/O device 204allows the customer to provide information to the customer mobile device200, and may include, for example, a mechanical keyboard, a touchscreen,a microphone, a camera, a fingerprint scanner, any customer input deviceengageable to the customer mobile device 200 via a USB, serial cable,Ethernet cable, and so on. An output aspect of the I/O device 204 allowsthe customer to receive information from the customer mobile device 200,and may include, for example, a digital display, a speaker, illuminatingicons, LEDs, and so on. The I/O device 204 may include systems,components, devices, and apparatuses that serve both input and outputfunctions, allowing the financial institution computing system 110exchange information with the customer mobile device 200. Such systems,components, devices and apparatuses include, for example, radiofrequency transceivers (e.g., RF or NFC-based transceivers) and othershort range wireless transceivers (e.g., Bluetooth®, laser-based datatransmitters, etc.).

Third party client applications 206 are structured to provide thecustomer with access to services offered by various third parties (e.g.,associated with third party systems 106). Some third party clientapplications 206 may be hard coded onto the memory of the customermobile device 200, while other third party client application 206 may beweb-based interface applications, where the customer has to log onto oraccess the web-based interface before usage, and these applications aresupported by a separate computing system comprising one or more servers,processors, network interface circuits, or the like (e.g., third partysystems 106), that transmit the applications for use to the mobiledevice.

In some arrangements, the third party client applications 206 arestructured to permit management of at least one customer accountassociated with a third party service. Accordingly, a particular thirdparty client application 206 may be communicably coupled to a thirdparty system 106 via the network 126. Through this communicativecoupling, the third party system 106 may provide displays regarding theparticular third party service or application. For example, one thirdparty client application 206 may include a calendar application, and thedisplays provided by third party client application 206 may enable thecustomer 102 to input information regarding customer events, meetings,appointments (e.g., information regarding the timing and location ofcustomer events). Upon the customer 102 inputting such informationregarding the customer events, the customer-input information is storedat a third party system 106, and incorporated into future displaysprovided to the customer 102 via the third party client application.Through such displays, the customer 102 is able view thepreviously-input information via a calendar interface. Other third partyclient applications 206 include, but are not limited to financial healthapplications (e.g., applications configured to provide the customer 102with financial advice), and social media applications.

In some embodiments, some of the third party client applications 206include APIs specifically configured to request information financialinstitution computing system 110. For example, the financial institution104 may have arrangements with third parties providing third partyclient applications 206. Under such arrangements, the customer 102 isable to provide particular third party client applications 206 withaccess to subsets of information pertaining to the customer 102 storedat the financial institution computing system 110 (e.g., in the accountsdatabase 124). Upon the customer 102 providing such permission to athird party client application 206, the customer mobile device 200 maytransmit information requests to the financial institution computingsystem 110 via such APIs, and utilize information received from thefinancial institution computing system 110 to update the displaysrendered viewable by the customer 102 via the third party clientapplication 206.

To illustrate, the customer 102 may provide a calendar application withcustomer bill payment information stored at the financial institutioncomputing system 110. The calendar application may include a widgetspecifically configured to enable the customer 102 to insert the billpayment information into the calendar application. This way, thecustomer 102 is reminded of bill payments in the third party clientapplication 206.

In various arrangements, the particular communications channel throughwhich customer financial information is provided to the third partyclient application 206 may vary depending on the implementation of thethird party client application 206. For example, if the third partyclient application 206 is web-based, a third party system 106 providingthe third party client application 206 to the customer mobile device 200may receive the customer information maintained at the financialinstitution computing system 110, and incorporate that information intovarious displays rendered on the customer mobile device 200 via thethird party client application 206

In situations where a third party client application 206 is a nativeapplication on the customer mobile device 200, the customer mobiledevice 200 may formulate and transmit an information request via an APIin the third party client application 206 to the financial institutioncomputing system 110. The information request may include an identifier(e.g., encryption key) that is based at least in part on the identity ofthe third party client application 206. As such, depending on theapplication permissions provided by the customer 102 via the methodsdescribed herein, the financial institution computing system 110 mayallow or deny the third party client application 206 access to therequested information.

The financial institution client application 208 is structured toprovide displays to the customer mobile device 200 that enable thecustomer 102 to manage financial accounts. Accordingly, the financialinstitution client application 208 is communicably coupled to thefinancial institution computing system 110 (e.g., the account managementcircuit 120 and the access control circuit 122) and is structured topermit management of the customer financial accounts and transactions.The displays provided by the financial institution client application208 may be indicative of current account balances, pending transactions,profile information (e.g., contact information), and the like.

Further, in some embodiments, the financial institution clientapplication 208 is structured to present displays pertaining to theaccess control tower discussed herein. In this regard, via the financialinstitution client application 208, the customer mobile device 200 isconfigured to receive various datasets from the financial institutioncomputing system 110 describing the entities (e.g., third party systems106, customer devices 108, third party applications 206) to which thecustomer 102 has provided access to customer financial information. Thecustomer mobile device 200, via the financial institution clientapplication 208, is configured to render such datasets into various datacontrol tower interfaces. As described herein, through such interfaces,the customer 102 is able to modify the quantity of information availableto these entities, and provide additional entities with access toinformation at the financial institution computing system 110.

In some embodiments, the customer mobile device 200 is configured (e.g.,via the financial institution client application 208) to perform variousoperations described herein as being performed by the financialinstitution computing system 110. For example, in one embodiment,financial institution client application 208 includes APIs structured tointegrate with various third party client applications 206 on thecustomer mobile device 200. Through such APIs, customer informationreceived from the financial institution computing system 110 via thefinancial institution client application 208 may be shared with thethird party client applications 206, and utilized by the third partyclient applications 206.

In some embodiments, the financial institution client application 208 isa separate software application implemented on the customer mobiledevice 200. The financial institution client application 208 may bedownloaded by the customer mobile device 200 prior to its usage, hardcoded into the memory of the customer mobile device 200, or be aweb-based interface application such that the customer mobile device 200may provide a web browser to the application, which may be executedremotely from the customer mobile device 200. In the latter instance,the customer 102 may have to log onto or access the web-based interfacebefore usage of the applications. Further, and in this regard, thefinancial institution client application 208 may be supported by aseparate computing system including one or more servers, processors,network interface circuits, etc. that transmit applications for use tothe customer mobile device 200.

It should be understood that other customer devices 108 (e.g., customerdevices 108 other than a customer mobile device 200) may includeapplications that are similar to the third party client applications 206and financial institution client application 208 discussed above. Forexample, a customer smart appliance may include an applicationassociated with the financial institution 104 that enables the customer102 to view the access control tower, and manage customer accounts. Inanother example, a customer smart speaker may include an applicationthrough which the customer 102 may modify access permissions to variousentities via voice commands.

Referring to FIG. 3 , a flow diagram of a method 300 of managing accessto customer information maintained by the financial institution 104 isshown according to an example embodiment. The method 300 is performed bythe financial institution computing system 110 (e.g., by the accesscontrol circuit 122, by the processor 116, etc.).

The method 300 begins when a customer 102 is authenticated at 302. Thefinancial institution computing system 110 receives an authenticationrequest from the customer 102 via a computing device associated with thecustomer (e.g., a smartphone via a mobile banking application, acomputing device via a web-based banking portal, etc.). In an alternatearrangement, the request may be received via an ATM associated with thefinancial institution 104. The authentication request indicates that anindividual purporting to be the customer 102 is attempting to access theaccess control tower to manage access to the customer informationassociated with the customer 102. The authentication request includescustomer authentication information (e.g., customer name, password,biometric, debit card dip in an ATM, PIN, etc.). Based on the customerauthentication information, the request is either granted or denied. Ifthe request is denied, step 302 of the method 300 does not occur, andthe method 300 ends. The description of the method 300 continues forsituations in which the customer 102 is authenticated.

Access to the data control tower portal is provided at 304. After thecustomer 102 is authenticated, the financial institution computingsystem 110 provides the customer 102 access to the data control towerportal. The access to the data control tower portal may be facilitatedthrough a computing device associated with the customer (e.g., asmartphone via a mobile banking application, a computing device via aweb-based banking portal, etc.). The computing device presentsinteractive graphical customer interfaces to the customer 102 throughwhich the customer 102 can manage the access controls for the customerinformation. The data control tower portal may be part of a mobilebanking application or a remote banking website associated with thefinancial institution 104. As noted above, in some arrangements, theaccess to the customer information can be managed on a payments level(e.g., managing all of the third parties that the customer 102 mayengage in a transaction with accounts held by the customer 102 at thefinancial institution 104), on a device level (e.g., managing whichcustomer devices 108 have access to data stored at the financialinstitution computing system 110), and on an application level (e.g.,managing all third party client applications 206 on a customer mobiledevice 200 that have access to information stored at the financialinstitution computing system 110). FIGS. 4-7 and FIGS. 11-13 showexample customer interfaces associated with the data control tower thatdemonstrate various management features of the data control tower.

Referring to FIG. 4 , a data control tower customer interface 400 isshown according to an example embodiment. The customer interface 400 isshown as a display on the customer mobile device 200. The customerinterface 400 includes a payments toggle 404, an applications toggle406, and a devices toggle 408. As shown by the bolded outline of thepayments toggle 404, the payments toggle 404 is selected. Accordingly,the customer interface 400 is a payment level customer interface. Whilein the payment level customer interface, the customer 102 can select anaccount held by with the financial institution 104 via the dropdown box410. As shown in FIG. 4 , the customer 102 has selected a checkingaccount. After selecting a specific account, a merchant listing 412 anda wallet listing 418 is populated. Each entry in the merchant listing412 identifies a merchant (e.g., brick-and-mortar merchants andecommerce merchants) to which the customer 102 has provided or mayprovide permission to which make a payment with an account (e.g., theselected checking account) held by the customer 102 at the financialinstitution 104.

To populate the merchant listing 412, the financial institutioncomputing system 110 may access the accounts database 124. For example,the access control circuit 122 may retrieve a customer transactionhistory from the accounts database 124 and identify various merchants atwhich the customer 102 performed transactions using the selectedchecking account (or other accounts held by the customer 102 at thefinancial institution 104). Alternatively, the customer 102 may havepreviously permitted the financial institution 104 to provide accountinformation to various merchants (e.g., via the add button 426 describedbelow). Alternatively, the financial institution computing system 110may transmit various requests to third party systems 106 which, inresponse (e.g., via various APIs provided at the third party systems106) may transmit indications to the financial institution computingsystem 110 that the customer 102 has provided information describing thechecking account (e.g., an account number) to the third party system106. For example, the financial institution 104 may have arrangementswith various merchants. Under such arrangements, the merchants may agreeto notify the financial institution 104 upon the customer providinginformation associated with the financial institution 104 (e.g.,information pertaining to a customer account) to the merchant.

Each entry in the merchant listing 412 may include a display button 414as well as a status indicator 416. By pressing the display button 414associated with a particular entry, the customer may provide an input toprogram logic being executed by the customer mobile device 200 (e.g.,program logic that is part of the financial institution clientapplication 208) to update the interface 400 to incorporate a merchantaccess mechanism for the merchant of the entry. The merchant accessmechanism may be incorporated into the interface 400 in a similar manneras the wallet access mechanisms 424 described below. The merchant accessmechanism may identify the information pertaining to the checkingaccount (or other account) that was provided to the merchant. In variousembodiments, the merchant access mechanism may include a tokenizedaccount number (e.g., a surrogate value for the actual account number ofthe checking account), an actual account number, a debit card number,and so on.

The status indicators 416 indicate the status of various accesspermissions that the customer 102 has provided to various merchants. Inthe example shown in FIG. 4 , the customer 102 is currently permittingeach of the merchants identified in the merchant listing 412 to accessat least some form of customer information maintained at the financialinstitution computing system 110. However, in some embodiments, thecustomer 102 may provide an input to program logic being executed by thecustomer mobile device 200 by interacting with the status indicators416. For example, the customer 102 may revoke a particular merchant'spermission to access customer information by pressing the “off” portionof a particular status indicator 416. In response, the customer mobiledevice 200 may transmit a notification signal to the financialinstitution computing system 110 and, in response, the access controlcircuit 122 may update the permissions for that merchant such that thefinancial institution computing system 110 will not grant variousinformation requests regarding the customer 102 transmitted by the thirdparty system 106 to the financial institution computing system 110 overthe network 126. Alternatively or additionally, the financialinstitution computing system 110 may update settings associated with thecustomer 102's account such that any transaction request from thatmerchant is denied. Thus, by the interface 400, the customer 102 is ableto control the access of various third party systems 106 to information.

Still referring to FIG. 4 , the interface 400 further includes a walletlisting 418. The wallet listing 418 may include various entries (e.g.,wallet 1 and wallet 2) describing various payment services that thecustomer has permitted the financial institution 104 to provide accountinformation to. The payment services may include applications throughwhich the customer 102 may perform various types of transactions (e.g.,online transactions, person-to-person transactions, mobile wallettransactions, etc.). As such, entries in the wallet listing 418 mayinclude mobile wallet applications (e.g., Samsung Pay®, Apple Pay®,etc.) and person-to-person payment applications (e.g., Venmo®, Zelle™,PayPal®, etc.). Similar to the entries in the merchant listing 412discussed above, each entry may include a display button 420 and astatus indicator 422. As indicated by the bolded outline of the displaybutton 420, the display button 420 associated with a particular entry inthe wallet listing 418 has been selected by the customer 102. As shown,upon the customer 102 selecting the display button 420, various walletaccess mechanisms 424 are shown.

The wallet access mechanisms 424 may include the information that thecustomer 102 has permitted the payment service associated with the entry(e.g., wallet 2) of the wallet listing to access by the methodsdescribed herein. In the example shown, the wallet access mechanisms 424present the customer 102 information pertaining to all accountinformation that the customer 102 has permitted the payment service toaccess. As such, wallet access mechanisms 424 include an account numberassociated with both a credit account and a debit account (e.g.,associated with the checking account). It should be understood that, inalternative arrangements, only wallet access mechanisms associated withthe account selected via the dropdown box 410 may be shown.Additionally, different wallet access mechanisms 424 such as tokens,account names, and the like associated with the customer 102's accountsmay also be shown. As shown in FIG. 4 , the customer 102 has turned offthe payment service's access to the debit card number associated withthe checking account, and permitted the payment service to access toaccess the credit card number associated with a credit account held bythe customer 102. In some embodiments, responsive to the customer 102revoking an access permission to a particular wallet, the financialinstitution computing system 110 may transmit a signal to a third partywallet provider associated with the wallet configured to cause a paymenttoken or the like to be deleted at the third party wallet provider.

The customer interface 400 also includes an add button 426 and a deletebutton 428. If the customer 102 interacts with the add button 426, thecustomer 102 can add a new merchant and/or payment service to themerchant listing 412 and/or wallet listing 418. For example, in responseto the customer 102 selecting the add button 426, an additionalinterface is presented to the customer 102. The additional interface mayinclude a drop down menu listing various merchants that the customer 102may select to provide permission to access the customer information.Additionally, the interface may enable the customer 102 to identify theparticular information that may be provided to the identified merchant.Upon the customer selecting a particular merchant to grant permission,the financial institution computing system 110 may update the accesspermissions stored in association with the account of the customer 102.As a result, upon receipt of a request from the identified merchant(e.g., via a third party system 106 over the network 126), the financialinstitution computing system 110 may provide the selected information tothe merchant.

Referring to FIG. 5 , a data control tower customer interface 500 isshown according to an example embodiment. The customer interface 500 issimilar to the customer interface 400. As such, like numbering is usedbetween FIGS. 4 and 5 to designate like components of the customerinterfaces 400 and 500. The customer interface 400 is shown as beingdisplayed on the customer mobile device 200. As with the customerinterface 400, the customer interface 500 includes the payments toggle404, the application toggle 406, and the devices toggle 408. As shown bythe bolded outline of the applications toggle 406, the applicationstoggle 406 is selected. Accordingly, the customer interface 500 is anapplication level management customer interface. As shown, the interface500 includes a listing 502 of various applications that the customer 102has provided access to various forms of customer information maintainedat the financial institution computing system 110. The listing 502 mayinclude various third party client applications 206 installed on thecustomer mobile device 200 and/or other customer devices 108 that thecustomer 102 has provided access to information stored at the financialinstitution computing system 110.

Similar to the interface 400 discussed above, each entry in theapplication listing 502 may include a display button 504 and a statusindicator 506. As indicated by the bolded outline of the display button504, the customer 102 has selected the display button 504 to cause anapplication access mechanism 508 to be shown. The application accessmechanism 508 may include a description of the customer information towhich the customer 102 has provided the application access to. In theexample shown, the application associated with the selected displaybutton 504 is a calendar application and the access mechanism is thecustomer's bill payments. By providing the calendar application withaccess to the customer 102's bill payments, the customer 102 may bereminded of upcoming payments via the calendar application. As such,various events or reminders may be created by the calendar applicationbased on the information provided by the financial institution 104. Forexample, upon the customer 102 providing the calendar application withaccess to customer bill payment information (e.g., describing therecipient of the upcoming payment, the due date, and the amount owed),the calendar application may list upcoming payments owed by the customer102.

The customer 102 may first provide the calendar application with accessto customer bill payment information by, for example, hitting the addbutton 426. Upon the customer 102 hitting the add button 426, thecustomer 102 may be brought to another interface enabling the customer102 to identify an application to provide with access to customerfinancial data.

Referring now to FIG. 6 , a data control tower customer interface 600 isshown according to an example embodiment. Like numbering is used betweenFIGS. 4-6 to designate like components of the customer interfaces 400,500, and 600. The customer interface 600 is shown as displayed on thecustomer mobile device 200. As with the customer interfaces 400 and 500,the interface 600 includes a payment toggle 404, and application toggle406, and a devices toggle 408. As shown by the bolded outline of theapplication toggle 406, the application toggle 406 is selected. In someembodiments, the customer interface 600 is presented upon the customer102 selecting the add button 426 of the interface 500 discussed above.The interface 600 includes an application dropdown 602, a featuresdropdown 604, an account selection dropdown 606, a cancel button 608,and a submit button 610. The application dropdown 602 includes a list ofvarious applications. For example, upon the customer 102 selecting theadd button 426 on the interface 500, program logic being executed by aprocessor of the customer mobile device 200 may access an applicationregistry to identify various applications installed on the customermobile device 200. The application dropdown 602 may include an entry foreach application installed on the customer mobile device 200.Alternatively, the application dropdown 602 may include a subset of theapplications installed on the customer mobile device 200. For example,the financial institution 104 may only share customer information with aset of applications provided by trusted entities. As such, the programlogic being executed by the processor of the customer mobile device 200may cross reference the applications that are installed on the customermobile device 200 with a list of trusted applications (e.g., based onapplication keys, titles, or the like) and incorporate the trustedapplications that are installed on the customer mobile device 200 intothe application dropdown.

The features dropdown 604 may include a dropdown list of various formsof information maintained by the financial institution computing system110. Using the features dropdown, the customer 102 may select the formsof information to share with the application selected via theapplication dropdown 602. In some arrangements, the forms of informationprovided by the features dropdown 604 may be dependent on the particularapplication selected by the customer 102. Accordingly, once the customer102 selects an application via the application dropdown, the featuresdropdown 604 may be populated. In the example shown, the customer 102has selected a calendar application via the application dropdown 602 andselected to provide the calendar application with access to informationregarding customer bill payments. After providing the calendarapplication with such access, the customer 102 may setup the calendarapplication to use the bill payment information. Such a setup process isdescribed below in relation to FIGS. 8-9 .

The accounts dropdown 606 lists various accounts held by the customer102 at the financial institution 104. The customer 102 may select theaccount to use in conjunction with the selected application and/orfeature. In the example shown, the customer 102 has selected a checkingaccount to use in conjunction with a bill payment features integratedwith the calendar application. Thus, according to the processesdescribed below, the customer 102 may setup payments via the calendarapplication using the selected payment account. The cancel button 608enables the customer 102 to cancel adding an application to the listing502 of the interface 500. In some embodiments, upon the customer 102selecting the cancel button 608, the customer 102 is brought back to theinterface 500. The submit button 610 enables the customer 102 to providean input to the program logic being executed to the customer mobiledevice 200 to share the identified information with the selectedapplication. As such, the selected information may be incorporated intothe selected application to facilitate the customer 102's utilization ofthe selected application.

Referring now to FIG. 7 , a data control tower customer interface 700 isshown according to an example embodiment. The customer interface 600 issimilar to the customer interfaces 400-500. Like numbering is usedbetween FIGS. 4-7 to designate like components. The customer interface700 is shown as displayed on the customer mobile device 200. As withcustomer interfaces 400 and 500, the customer interface 700 includes thepayments toggle 404, the applications toggle 406, and the devices toggle408. As shown by the bolded outline of the devices toggle 408, thedevices toggle 408 is selected by the customer 102. Accordingly, thecustomer interface 700 is a device level management customer interface.While in the device level management customer interface, the customer102 can manage the information that various customer devices 108 haveaccess to.

In the example shown, the interface 700 includes a device listing 702.The device listing may list various customer devices 108 that thecustomer 102 has registered with the financial institution 104. Forexample, for each customer device 108, the customer 102 may download andinstall an application provided by the financial institution 104, orregister the customer device 108 via a website provided by the financialinstitution computing system 110. Upon registration and/or installation,a device identifier may be assigned to each customer device 108 by thefinancial institution computing system 110 and stored in associationwith the customer 102 (e.g., in the accounts database 124). Upon thecustomer 102 accessing the data control tower portal (e.g., at step 304of the method 300), the financial institution computing system 110 mayretrieve the various device identifiers stored in association with thecustomer 102 and transmit a device dataset to the customer mobile device200 that is used by, for example, a mobile banking application of thecustomer mobile device 200 to populate the listing 702.

Various forms of customer devices 108 may populate various entries ofthe listing 702. Customer devices 108 may include, for example, smartphones, wearable computing devices (e.g., smart watches, smart glasses,and the like), smart speakers, vehicle computing devices, various IOTdevices (e.g., thermostats, appliances, televisions, and the like),smart phones, tablets, video game counsels, and the like. Similar to theinterfaces 400 and 500, each entry in the listing 702 may include adisplay button 704 and a status indicator 706. As shown by the boldedoutline of the display button 704, the display button 704 of thatparticular entry has been selected by the customer 102. Selection of thedisplay button 704 causes a device access mechanism 708 to be presentedto the customer 102. Device access mechanism 708 may inform the customer102 as to the type of information that may be accessed via the customerdevice 108 associated with the entry. In the example shown, the customer102's smart speaker (e.g., an Amazon Echo®) has been provided withaccess to the transaction history of the customer maintained at theaccounts database 124. In some embodiments, in response to the customer102 selecting the display button 704, a plurality of potential deviceaccess mechanisms 708 may be presented to the customer 102. The deviceaccess mechanisms 708 may include all potential information that thecustomer may provide to the customer device 108 associated with theselected entry. Depending on the implementation, such device accessmechanisms may include, amongst other things, customer account balanceinformation, customer bill payment information, a customer transactionhistory, customer alerts, and customer account identifying information(e.g., account numbers, tokens, etc.).

By hitting the display button 704, the customer 102 may selectivelymodify the access of various customer devices 108 to various forms ofinformation via manipulation of the status indicators 706. For example,by manipulating a status indicator 706 relating to a particular customerdevice 108, the customer 102 may provide an input to program logic(e.g., of a mobile banking application) being executed by the processorthe customer mobile device 200. The input may cause the customer mobiledevice 200 to transmit a signal to the financial institution computingsystem 110 over the network 126 causing the financial institutioncomputing system 110 to update customer account settings. For example,upon receipt of such a signal, the financial institution computingsystem 110 may update an entry of a customer device dataset maintainedat the accounts database 124. The entry may include the deviceidentifier discussed above associated with the selected customer device108 as well as various access permissions. The entry may be updated suchthat, if the customer 102 were to attempt to access information from theselected customer device 108, the information would not be provided tothe customer device 108 (e.g., the customer 102 may be presented with an“information unavailable” screen, or the like).

While the above examples relate to interfaces presented to the customer102 via a customer mobile device 200, it should be understood that thecustomer 102 may perform similar operations with respect to severalother types of customer devices 108. For example, the customer 102 mayalso adjust the third party systems 106 that have access to the customerfinancial information via a smartwatch, a smart appliance, a computingsystem in a vehicle of the customer 102, a smart speaker, and any othercustomer device 108 via applications or websites associated with thefinancial institution 104 implemented thereon.

Referring again to FIG. 3 and the method 300, updated access permissionsor settings are received at 306. The financial institution computingsystem 110 receives the updated access permissions or settings from thecustomer 102 via the access control tower portal (e.g., from a computingdevice that the customer 102 is using to access the access control towerportal). The updated access permissions or settings may relate tomerchants, payment services, applications, and devices discussed withrespect to FIGS. 4-7 .

The financial institution computing system 110 determines if externalaction is required to implement the updated access permissions orsettings at 308. In some arrangements, the type of access permission orsetting being updated requires that the financial institution computingsystem 110 transmits commands to a customer device 108 or to athird-party system 106 to implement the updated access permissions orsettings. For example, if the updated access permission or settingrelates to revoking or provisioning a payment token stored on a customerdevice 108, the financial institution computing system 110 may need tosend a command to either (1) deactivate or remove the payment token fromthe customer device 108 or the third-party systems 106 affiliated withthe mobile wallet (e.g., a third-party mobile wallet server, a paymentnetwork server that manages a token vault associated with the paymenttoken, etc.) or (2) activate or provision the token to the mobile walletvia the customer device 108 and/or the third-party systems 106. In otherarrangements, the type of access permission or setting being updated canbe performed at the financial institution computing system 110 withoutadditional commands sent to a customer device 108 or a third-partysystem 106. For example, if the updated access permission or settingrelates to revoking a third-party's access to account balanceinformation, the financial institution computing system 110 can performan internal update at the financial institution computing system 110adjusting the API permissions associated with the third-party withoutthe need to send a command to the third-party system 106 associated withthe affected third-party.

If external action is required, commands are transmitted to theappropriate recipient at 310. The financial institution computing system110 transmits the update commands to the appropriate third-party systems106 and/or customer devices 108. If no external action is required, theupdated access permissions or settings are implemented at 312. Thefinancial institution computing system 110 updates internal accountaccess permissions or settings in the accounts database 124.Additionally, in some arrangements, the update to the account accesspermissions or settings requires both external and internal action. Insuch arrangements, both steps 310 and 312 are performed. Based on theupdated settings and permissions, the financial institution computingsystem 110 facilitates the sharing (or denial of requests to access)customer information to the external systems (e.g., customer devices 108and third-party systems 106).

In an example implementation, the customer 102 may utilize the datacontrol portal to update payment information stored at various thirdparty systems 106. For example, if the customer 102 gets a new accountat the financial institution 104 or losses a credit card, the customer102 may wish to update the payment information stored at the variousthird party systems 106. In some embodiments, upon the customer 102updating account information stored in the accounts database 124, thefinancial institution computing system 110 (e.g., via the access controlcircuit 122) is configured to provide the updated information to thevarious third parties, applications, and devices to which the customerhas provided access via the data control portal. For example, upon thecustomer changing an account number, the financial institution computingsystem 110 may transmit an information packet including the updatedaccount information and a customer identifier to the third party system106 associated with a particular merchant. Such customer identifiers maybe established between the financial institution 104 and third partyupon the customer providing the third party with access to informationstored at the financial institution computing system 110. Thus, based onthe customer identifier, the third party system 106 may identify acustomer account at the third party (e.g., a shopping account) andupdate the customer's financial information associated with the account.Such a process may be repeated for any third party systems 106 havingaccess to customer financial information. As such, the customer needn'tupdate account information stored at individual third party systems 106,as this can be accomplished via a single visit to the data controltower.

Referring now to FIG. 8 , a third party client application interface 800is shown, according to an example embodiment. The third party clientapplication interface 800 may be rendered by a third party clientapplication 206 on the customer mobile device 200 upon the customer 102providing the third party client application 206 with access tofinancial data (e.g., as discussed above with respect to FIGS. 5-6 . Inthe example shown, the third party client application 206 is a calendarapplication. As such, the interface 800 includes a calendar window 802describing various customer events. The interface 800 also includesaddition buttons 804 enabling the customer 102 to add items that areincluded in the calendar window 802. In the example shown, among theaddition buttons 804 is a financial event button 806. In an example, thethird party client application 206 rendering the interface 800 includesa widget specifically configured to generate the financial event button806 upon receipt of financial data from the financial institutioncomputing system 110. In the example shown, the customer 102 hasprovided the third party client application 206 with informationregarding customer bill payments (coinciding with the example shown inFIG. 6 ).

In an example, upon the customer 102 selecting the financial eventsbutton 806, the third party client application 206 configures thecustomer mobile device 200 to request customer bill payment information(e.g., via the customer mobile device 200 or via a combination of thecustomer mobile device 200 and a third party system 106) from thefinancial institution computing system 110. In response, the financialinstitution computing system 100 verifies that the access permissionsstored in association with the customer 102 permit the requestedinformation to be provided to the third party client application 206. Ifso, the requested customer financial data is provided to a computingsystem (e.g., the customer mobile device 200 or a third party system106) associated with the third party client application 206.

Third party client application interface 800 further includes afinancial information window 808 that includes the customer financialinformation received from the financial institution computing system110. In the example shown, the financial information window 808 lists anupcoming bill payment 810. As such, through the systems and methodsdisclosed herein, the customer 102 is able to request and view financialdata from various vantage points.

Upon the customer 102 selecting the upcoming bill payment 810, thedisplays presented via the third party client application 206 may beupdated. Referring to FIG. 9 , another third party client applicationinterface 900 is shown, according to an example embodiment. Theapplication interface 900 may be presented to the customer 102 upon thecustomer 102 selecting the upcoming bill payment 810 discussed inrelation to FIG. 8 . As shown, the interface includes a calendar window902 describing various customer events. Calendar window 902 includes anadditional event 904 that describes the upcoming bill payment 810selected by the customer 102. Additionally, the interface 900 includesan addition button 906 enabling the customer 102 to input informationregarding an additional customer event.

Interface 900 also includes a payment window 908. For example, the thirdparty client application 206 rendering the interface 900 on the customermobile device 200 may include a payments widget configured to generatetransaction requests using customer account information received fromthe financial institution computing system 110 in accordance withvarious systems and methods disclosed herein. As discussed above inrelation to FIG. 5 , the customer may indicate a preference to provide athird party client application 206 with access to customer checkingaccount information. Thus, the financial institution computing system110, upon receiving an information request generated via the third partyclient application 206, may transmit both the customer bill paymentinformation and the customer checking account information. Suchinformation may be used by the third party client application 206 toformulate a transaction request in response to the customer 102indicating such a preference (e.g., via the payment button 910). Thepayments widget may enable the customer 102 to request that a payment bemade for the bill depicted by the additional event 904. The interface900 also enables the customer 102 to change the account informationshared with the third party client application 206 via an edit button912. Upon the customer 102 selecting the edit button 912 an additionalinterface may be displayed to the customer 102 that enables the customer102 to provide inputs to change the account used to make the depictedpayment.

Referring now to FIG. 10 , a data control tower interface 1000 is shown,according to an example embodiment. The data control tower interface1000 is shown as a display presented via the customer mobile device 200(e.g., via the financial institution client application 208). In someembodiments, the interface 1000 serves as an alternative to theinterfaces 400, 500, and 700 described above. As shown, the interface1000 includes a generic access toggle 1002 and an account-by-accounttoggle 1004. As indicated by the emboldened generic access toggle 1002,the generic access toggle 1002 has been selected by the customer 102.The interface 1000 includes a connection search box 1006, functionalityaccess points 1008, an entity listing 1010, and a device listing 1112.The connection search box 1006 enables the customer 102 to input theidentity of an entity (e.g., application, merchant, or device) to whichthe customer 102 has provided access to the customer information. Thefunctionality access points 1008 include various icons providing thecustomer with access to various functionalities provided via thefinancial institution client application 208. For example, thefunctionality access points 1008 may provide the customer with access toview balances associated with their accounts, transfer funds betweenaccounts, register for accounts, make payments via a mobile walletassociated with the financial institution 104, and view statementsassociated with the accounts.

The entity listing 1010 lists each entity (e.g., applications andmerchants) that the customer has provided any sort of access to thecustomer information stored at the financial institution computingsystem 110. The entity listing 1010 includes a plurality of selectableentries 1012. Each entry may list the number of accounts that have beenconnected to the associated entity. Upon the customer selecting aparticular entity, a different interface may be presented to thecustomer 102 enabling the customer 102 to update that entity's accesspermissions. The device listing 1014 lists each customer device 108having access to customer information. Similar to the entity listing1010, the device listing 1014 includes entries 1016 associated withparticular customer devices 108. While the entity listing 1010 and thedevice listing 1014 are shown as been separate from one another, itshould be understood that, in one embodiment, the entity listing 1006and device listing 1110 are combined into a single listing.

In various embodiments, the data control tower interface 1000 may takealternative forms. For example, in some embodiments, the generic accesstoggle 1002 enables the customer to view/scroll through variouscategories of accesses to customer information. For example, a firstcategory box may generally include a listing of the customer's accountsor cards associated with the financial institution 104. Via thiscategory box, the customer may select any of the cards to view variousforms of information regarding the selected card (e.g., balance, generaloff and on status, transaction listing, etc.). An example of such aninterface presented to the customer when the customer selects a card isdescribed with respect to FIG. 20 . Additional category boxes mayinclude recurring payments made via the customer's accounts at thefinancial institution 104, the customer's application data sharingpreferences, and the customer's mobile wallets. As such, the datacontrol tower interface 1000 provides the customer with a single accesspoint to perform a various diverse array of actions with respect totheir finances.

In some embodiments, an additional category of accesses to customerinformation may include aggregators that access the customer'sinformation at the financial institution 104 on behalf of the customerto perform functions on behalf of the customer. By selecting aparticular aggregator on the data control tower interface 1000, thecustomer may provide inputs to disable the aggregator's access tocustomer information. For example, the financial institution computingsystem 110 may update access permissions associated with the customerinformation APIs 128 to deny information requests coming from thirdparty systems 106 known to be associated with the aggregator. As such,the customer has control over the locations to which private informationis disseminated. Other aggregators may utilize customer accountinformation (e.g., account numbers) obtained from the financialinstitution 104 to make payments on behalf of the customer. For thesetypes of aggregators, the data control tower interface 1000 enables thecustomer to quickly turn off payments made by these aggregators.

In some instances, aggregators that customers permit to access theirinformation may provide the information to third parties (i.e.,“sub-aggregators.”). Such data transfers between aggregators andsub-aggregators limit the customers' ability to control locations atwhich their data is stored. Beneficially, the systems and methodsdescribed herein enable customers to prevent such transfers. This isaccomplished through the financial institution 104 monitoringrelationships between aggregators and various sub-aggregators. Forexample, as part of an information sharing arrangement between anaggregator and the financial institution 104 (e.g., to establish acustomer information API 128), the financial institution may require theaggregator to recurrently provide an updated listing of sub-aggregatorswith which they share information. Additionally, the financialinstitution 104 may require the aggregator to update their sharing ofcustomer information with the sub-aggregators in response to thecustomer providing an input to do so via the data control tower portaldescribed herein. Using the information provided by the aggregatorsunder such an arrangement, the financial institution 104 may maintain adirectory mapping aggregators to sub-aggregators.

In some embodiments, the directory is used to populate the data controltower interface 1000. For example, upon the customer providing an inputto view an aggregator's access permissions, the customer mobile device200 may query the directory for a listing of sub-aggregators associatedwith that aggregator (i.e., a listing of sub-aggregators that theselected aggregator shares information with). The listing ofsub-aggregators may appear on the data control tower interface 1000 inconjunction with a set of toggle switches enabling the customer to turnoff that sub-aggregator's access to the customer's information. Upon thecustomer turning off a sub-aggregator's access, the customer mobiledevice 200 (e.g., either directly or via the financial institutioncomputing system 110) may issue a command to a third party system 106associated with the selected aggregator to update data accesspermissions such that the customer information is no longer shared withthe indicated sub-aggregator. Thus, the data control tower portaldescribed herein provides the customer with very complete control of thelocations at which their information is accessed.

Referring now to FIG. 11 , a data control tower interface 1100 is shown,according to an example embodiment. The data control tower interface1100 is similar to the data control tower interface 1000 described withrespect to FIG. 10 in that the interface 1100 also includes a genericaccess toggle 1002, an account-by-account access toggle 1004, and aconnections search box 1006. As indicated by the emboldenedaccount-by-account access toggle 1002, the account-by-account accesstoggle 1004 has been selected by the customer 102.

As shown, the interface 1100 includes a first account listing 1102 and asecond account listing 1106. The first and second account listings 1102and 1106 including listings 1104 and 1108 of various entities (e.g.,applications, customer devices 108, third party systems 106) that thecustomer has provided information regarding the associated account to.As such, the customer 102 may quickly view various locations thatcurrently have access to information associated with a particularaccount.

Referring now to FIG. 12 , an entity permission control interface 1200is shown, according to an example embodiment. The entity permissioncontrol interface 1200 (or another interface similar thereto) may bepresented to the customer 102 (e.g., via the financial institutionclient application 208) upon the customer selecting an entity in any ofthe listings 1010, 1014, 1102, and/or 1108 described with respect toFIGS. 10 and 11 . In the example shown, the interface 1200 is presentedto the customer 102 upon the customer 102 selecting a merchant inmerchant listing 1010 described with respect to FIG. 10 . As shown, theinterface 1200 includes an account selection portion 1202, a transactionlisting 1204, and an account access toggle switch 1206. The accountselection portion 1202 includes all of the accounts that the customer102 has enabled the merchant to access. The account selection portion1202 includes graphical depictions of the various accounts that thecustomer has provided access to. The customer 102 may swipe the accountselection portion 1202 to select a particular account. Upon the customerselecting an account, the customer mobile device 200 may query theaccounts database 124 to retrieve the customer's transactions with thatparticular account at the merchant, and use that data to populate thetransaction listing 1204. Alternatively, the customer mobile device 200and/or financial institution computing system 110 may initiatecommunications with an associated third party system 106 to obtain thecustomer 102's transaction data. As such, the transaction listing 1204presents the customer 102 with the customer's transactions at theassociated merchant occurring within a predetermined period.

The account access toggle switch 1206 is configured to receive acustomer input to permit/revoke the depicted merchant's access toinformation associated with the selected account. In the example shown,the customer 102 is providing the third party system 106 associated withthe merchant with access to the account information. In response to thecustomer 102 switching the account access toggle switch 1206 to anopposing position, the customer mobile device 200 may transmit a commandto the financial institution computing system 110 causing the financialinstitution computing system 110 to update the customer 102's accesspermissions to prevent the merchant from having access to the associatedaccount information. In some embodiments, the account access toggleswitch 1206 is configured to receive a customer input to temporarilyinactivate the selected account.

Referring now to FIG. 13 , an entity permission control interface 1300is shown, according to an example embodiment. The entity permissioncontrol interface 1300 (or another interface similar thereto) may bepresented to the customer 102 (e.g., via the financial institutionclient application 208) upon the customer 102 selecting an entity in anyof the listings 1010, 1014, 1102, and/or 1108 described with respect toFIGS. 10 and 11 . In the example shown, the interface 1300 is presentedto the customer 102 upon the customer 102 selecting an application(e.g., a financial health application, or a payment servicesapplication) in listing 1010 described with respect to FIG. 10 . Theinterface 1300 includes a cash accounts listing 1302, a credit accountlisting 1308, and a payments toggle switch 1314. The cash accountslisting 1302 includes a general toggle switch 1304 and toggle switches1306 associated with individual cash accounts of the customer 102. Withthe general toggle switch 1304, the customer 102 may permit or revokethe associated application's access to information (e.g., transactionhistory, balance information, etc.) associated with all of thecustomer's cash accounts. Using the toggle switches 1306, the customermay revoke the application's access to individual cash accounts.Similarly, the credit account listing 1308 includes a general toggleswitch 1310 and individual toggle switches 1310 enabling the customer102 to permit or revoke access to information regarding the customer102's credit accounts.

The payments toggle switch 1314 is configured to receive a customerinput to enable or disable payments via the application associated withthe selected application. Thus, using the toggle switches 1304, 1306,1310, and 1312; the customer may permit the application to accessinformation associated with the depicted accounts. Using the paymentstoggle switch 1314, the customer generally enables payments to be madevia the selected application. In other words, the payments toggle switch1314 is configured to update a set of transaction rules maintained atthe financial institution computing system 110 (e.g., via the accountmanagement circuit 120). As a result, if the customer disables paymentsvia a particular application, any transaction requests received from thecustomer mobile device 200 via that application will be denied. As,such, the data control portal enables the customer 102 enables thecustomer to manage particular entity's access to information as well asthe manner with which that information may be used.

Referring to FIG. 14 , a flow diagram of a method 1400 of mitigatingpotential fraud associated with access to customer information is shownaccording to an example embodiment. The method 1400 is performed by thefinancial institution computing system 110 (e.g., by the access controlcircuit 122, by the processor 116, etc.).

The method 1400 begins when fraudulent activity is detected at 1402. Insome arrangements, the financial institution computing system 110determines there is fraudulent activity associated with the customer 102based on analyzing customer information access patterns, transactionpatterns, and the like. The fraudulent activity may relate tocompromised financial information (e.g., a compromised payment tokenassociated with fraudulent purchases, a compromised account number, acompromised payment device, etc.) or misappropriation of other customerinformation (e.g., fraudulent access to customer information stored atthe financial institution computing system 110, fraudulent downloads ofdata or document stored at the financial institution computing system110, or the like). In some arrangements, the fraudulent activity can bereported by the customer 102 (e.g., via a customer device 108) if thecustomer 102 becomes aware of potential fraudulent activity associatedwith the customer information managed by the financial institutioncomputing system 110. Similarly, in some arrangements, the fraudulentactivity can be reported by the third-party associated with the fraud.For example, if a merchant becomes aware that the merchant's e-commercesystem has been hacked by fraudsters, and that the customer informationstored on or able to be accessed by the e-commerce system is at risk,the merchant can transmit a message to the financial institutioncomputing system 110 indicating the fraud. In still furtherarrangements, the financial institution computing system 110 canidentify potentially fraudulent activity from other sources, such asnews agencies that report on data breaches associated with thethird-party systems 106.

In an example, the financial institution computing system 110 detects anunusual pattern of activity in association with a third party clientapplication 206. For example, customer information may be requested viaa third party client application 206 at a more frequent than usual rate.In another example, the financial institution computing system 110(e.g., via the account management circuit 120) detects an unusualpattern of activity based on customer transaction data. For example, ifthe account management circuit 120 receives a transaction request from aparticular customer device 108 to request payment to a particularmerchant, the account management circuit 120 may compare the amount ofthe transaction to transactions previously engaged in by the customer102 (e.g., stored in the accounts database 124) and, if the amountdiffers from previous transactions engaged in by the customer 102, or ifcustomer 102 has never engaged in a transaction at the particularmerchant, detect an unusual pattern of activity.

After fraudulent activity is detected at 1402, access privileges areremoved at 1404. The financial institution computing system 110 removesaccess privileges to the customer information in at least one of aplurality different ways. In some arrangements the financial institutioncomputing system 110 revokes access privileges to the customerinformation stored at the financial institution computing system 110(e.g., customer information stored in the accounts database 124). Inother arrangements or additionally, the financial institution computingsystem 110 can pull customer information from the third-party system 106or at the customer device 108 associated with the detected fraudulentactivity. For example, if a payment token is associated with thefraudulent activity, the financial institution computing system 110 canprevent a third-party mobile wallet from accessing the payment token viathe customer information APIs 128 and/or pull a the payment token fromthe third-party mobile wallet computing system if the payment token waspreviously transmitted to the third-party mobile wallet computingsystem.

An alert is sent to the customer 102 at 1406. The financial institutioncomputing system 110 transmits an alert to a customer device 108associated with the customer 102. The alert may be any of a textmessage, an automated telephone call, an e-mail, an in-application pushnotification, or a combination thereof. The alert indicates thatpotential fraudulent activity was detected with respect to the customerinformation. In some arrangements, the alert identifies a specificthird-party system 106 associated with the potential fraudulentactivity. For example, the alert may indicate that a specificthird-party system 106 is attempting to access a piece of customerinformation that is out of the norm of access patterns associated withthe third-party system 106. In some arrangements, the alert iscustomer-interactive such that the customer 102 can reply to the alert(e.g., by interacting with a hyperlink, by interacting with embeddedbuttons, by replying, etc.) to indicate that the potential fraudulentactivity was unauthorized or authorized.

Referring now to FIG. 15 , an alert interface 1500 is shown, accordingto an example embodiment. The alert interface 1500 may be rendered tothe customer 102 via a financial institution client application 208 onthe customer mobile device 200. Additionally, alert interfaces similarto the alert interface 1500 may be displayed on various other customerdevices 108 at the same time that the alert interface 1100 is presentedvia the customer mobile device 200. As such, the customer 102 is alertedof the detected fraudulent activity irrespective of the particularcustomer device 108 possessed by the customer 102 at the time theunusual activity is detected. In this regard, fraud alerts in otherforms are envisioned. For example, the financial institution computingsystem 110 may formulate a sound notification and transmit the soundnotification to a customer device 108 that includes a smart speaker.

In the example shown, the alert interface 1500 includes a description1502 of actions taken by the financial institution computing system 110(e.g., via the access control circuit 122) and the reason that suchactions were taken. For example, the financial institution computingsystem 110 (e.g., via the access control circuit 122) may update theaccess privileges associated with a particular third party clientapplication 206 on the customer mobile device 200, and the description1502 may indicate as much to the customer 102. Additionally, the alertinterface 1500 includes a customer action window 1504. The customeraction window 1104 requests the customer 102 to verify recenttransactions that caused delivery of the alert to the customer 102.Customer action window 1504 includes a first option 1506 enabling thecustomer 102 to view recent transactions (or information requests) andto indicate their legitimacy to the financial institution computingsystem 110. Customer action window 1504 also includes a deferral option1508 enabling the customer 102 to put off the verification process to alater time.

Referring now to FIG. 16 , a data control tower customer interface 1600is shown according to an example embodiment, the customer interface 1600is similar to the customer interface 500 discussed above. Like numberingis used between FIGS. 5 and 16 to designate like components. As with thecustomer interface 700, an application toggle 406 has been selected bythe customer 102. In some embodiments, the customer interface 1600 ispresented to the customer 102 after the customer 102 selects thedeferral option 1508 presented to the customer 102 on the alertinterface 1100 discussed above.

In various embodiments, the interface 1600 is presented to the customer102 upon the customer 102 accessing the data control tower (e.g., viaperformance of the steps 302 and 304 discussed above) after unusualactivity with respect to customer application activity has beendetected. In the example shown, the interface 1600 includes an unusualactivity indication 1602 notifying the customer 102 that unusuallyactivity has been detected with respect to a particular applicationlisted in the application listing 502. Additionally, the customerinterface 1600 includes a verification button 1604 enabling the customer102 to view the transactions that caused the display of the unusualactivity information 1302.

Referring back to FIG. 14 and the method 1400, a customer response isreceived at 1408. In some arrangements, the financial institutioncomputing system 110 receives a response from the customer 102 via thecustomer device 108. The customer response may be input by the customer102 into the alert transmitted to a customer device 108 at 1406. Thecustomer response provides an indication as to whether the potentialfraudulent activity is authorized or unauthorized. In arrangements wherethe potential fraudulent activity is authorized by the customer 102, thecustomer response may include a reversal request. The financialinstitution computing system 110 determines if the customer responseincludes a reversal request at 1410. If a reversal request was received,the access privileges removed at 1404 are restored at 1412. If areversal request was not received, or after the access privileges arerestored at 1412, the method 1400 ends.

Referring generally to FIGS. 17-19 , example data control towerinterfaces are shown, according to various example embodiments. Forexample, the interfaces shown in FIGS. 17-19 may serve as alternativesto those shown in FIGS. 4-7 described herein. Referring to FIG. 17 , adata control tower user interface 1700 is shown according to an exampleembodiment. The user interface 1700 is shown as a displayed on themobile device 200 described with respect to FIG. 2 . The user interface1700 includes an account toggle 1704 and a channel toggle 1706. As shownby the bolded outline of the account toggle 1704, the account toggle1704 is selected. Accordingly, the user interface 1700 is an accountlevel management user interface. While in the account level managementuser interface, the customer 102 can select an account held with thefinancial institution 104 via the drop down box 1708. As shown in FIG.17 , the customer 102 has selected a checking account. After selecting aspecific account, a listing 1710 of connected account access channels ispopulated. The listing 1710 identifies each channel that the customer102 has previously configured to access the checking account. Each entryin the listing 1710 identifies a specific channel (e.g., a debit card,mobile wallet 1, mobile wallet 2, etc.), a channel access mechanism(e.g., a debit card number, a token identifier, an account number,etc.), and whether the channel access is currently active or inactivevia a slider toggle 1712 (where “Y” means the channel is active, and “N”means the channel is inactive). A channel may be a customer device 108(e.g., a wearable device, a payment card, etc.) or a third-party system106 (e.g., a mobile wallet, a retailer bill pay system, a utilitycompany system, etc.).

The customer 102 can interact with a given slider toggle 1712 toactivate or deactivate a given channel's access to the selected account.For example, as shown in the user interface 300, the debit card isactive (as shown by the associated slider toggle 1712 being in the “Y”position). Accordingly, when the customer 102 attempts to use the debitcard to make a payment (e.g., a purchase with a merchant) or withdrawcash from an ATM, the debit card is linked to the checking accountidentified in the drop down box 1708, and the payment can go through orfunds can be withdrawn (assuming the checking account has theappropriate balance). If the customer 102 interacts with the slidertoggle 1712 to deactivate the debit card's access to the checkingaccount (e.g., by sliding the toggle 1712 to the “N” position), thedebit card is no longer linked to the checking account. If the slidingtoggle 1712 is in the “N” position and the customer 102 attempts to usethe debit card at a merchant point-of-sale system or an ATM, thetransaction will be denied or not processed from the checking account.

The user interface 1700 also includes an add button 1714 and a deletebutton 1716. If the customer 102 interacts with the add button 1714, thecustomer 102 can add a new channel to the listing 1710 of approvedchannels that are linked to the identified account. In doing so, thecustomer 102 may need to register the customer device 108 (e.g., byproviding a device identifier, by providing a primary account number ofa payment card, by logging into an application or website via thecustomer device 108, etc.) or the third-party system 106 (e.g., bylogging into a third-party website or application associated with thethird-party system 106) with the financial institution 104 to pair thechannel with the FI computing system 110. If the customer 102 interactswith the delete button 1716, the customer 102 can select a channel inthe listing 1710 to revoke access of the selected channel to theaccount.

Referring to FIG. 18 , a data control tower user interface 1800 is shownaccording to an example embodiment. The user interface 1800 is similarto the user interface 1700. As such, like numbering is used betweenFIGS. 17 and 18 to designate like components of the user interfaces 1700and 1800. The user interface 1700 is shown as a displayed on the mobiledevice 200. As with the user interface 1700, the user interface 1800includes the account toggle 1704 and the channel toggle 1706. As shownby the bolded outline of the channel toggle 1706, the channel toggle1706 is selected. Accordingly, the user interface 1800 is a channellevel management user interface. While in the channel level managementuser interface, the customer 102 can select a channel that is pairedwith the financial institution 104 via the drop down box 1802. A channelmay be a customer device 108 (e.g., a wearable device, a payment card,etc.) or a third-party system 106 (e.g., a mobile wallet, a retailerbill pay system, a utility company system, a cloud storage system,etc.). As shown in FIG. 18 , the customer 102 has selected a mobilewallet as the channel to manage. After selecting a specific channel, alisting 1804 of accounts associated with the channel is populated. Thelisting 1804 identifies each account that that the customer 102 haspreviously configured to be accessed by the selected channel. Each entryin the listing 1804 identifies a specific account (e.g., a debit card, acredit card, etc.), an account access mechanism (e.g., a payment token),and whether the account is currently active or inactive via a slidertoggle 1806 (where “Y” means the account is active, and “N” means theaccount is inactive).

The customer 102 can interact with a given slider toggle 1806 toactivate or deactivate the selected channel's access to an accountassociated with the slider toggle 1806. For example, as shown in theuser interface 1800, the token associated with credit card is active (asshown by the associated slider toggle 1806 being in the “Y” position).Accordingly, when the customer 102 attempts to make a payment with themobile wallet (e.g., a purchase with a merchant) credit card 1 is listedas an option for the payment source of the transaction. If the customer102 interacts with the slider toggle 1806 to deactivate the channel'saccess to the token associated with credit card 1 (e.g., by sliding thetoggle 1806 to the “N” position), the credit card is no longer listed asa payment source in the mobile wallet (or is listed as an unavailablepayment source). For, example in response to the customer 102deactivates the channel's access, the financial institution computingsystem 110 may transmit a command to a third party system 106 associatedwith a token service provider instructing the third party system 106 todelete or temporarily deactivate the token.

Each entry in the listing 1804 also includes a default payment indicator1808 and a delete payment button 1810. The default payment indicator1808 is highlighted to indicate the default payment source of the mobilewallet. As shown in FIG. 18 , the selected default payment method forthe mobile wallet is the debit card. If the customer 102 interacts withthe default payment indicator 1808 of a different entry (e.g., creditcard 1 or credit card 2), the customer 102 can change the defaultpayment source for the mobile wallet even though the customer is notinteracting directly with the mobile wallet. If the customer 102interacts with the delete payment button 1810 for a given entry, thecustomer 102 can remove the associated payment source from the mobilewallet. Thus, the user interface 1800 enables the customer 102 todeactivate and activate tokens, select a default payment vehicle for amobile wallet, and remove a payment vehicle from a mobile wallet on thesame user interface. To populate the user interface 1800, the financialinstitution computing system 110 may utilize one of the customerinformation APIs 128 associated with a mobile wallet provider of themobile wallet selected via the drop down box 1802. In other words, inresponse to receiving an indication of the customer 102's selection ofthe mobile wallet via the drop down box 1802, the financial institutioncomputing system 110 may formulate an API information request includingan identifier associated with the third party system 106. The APIinformation request may request information regarding the customer 102'smobile wallet account (e.g., token activation statuses, default paymentvehicles, etc.). Upon receipt of the API information request, the thirdparty system 106 may verify the financial institution computing system110 and, in response, provide the requested information.

Still referring to FIG. 18 , the user interface 1800 also includes anadd new payment source button 1812. If the customer 102 interacts withthe add new payment source button 1812, the customer 102 can provision apayment token associated with a new payment source to the mobile wallet.The customer 102 can manually input the payment card information (e.g.,primary account number, expiration date, billing address, card securitycode, card verification value, etc.) or select a payment card that thecustomer 102 has that is associated with (i.e., issued by) the financialinstitution 104. When the payment card information is provided by thecustomer 102, the FI computing system 110 can automatically request apayment card token (e.g., from a payment network associated with thepayment card) and transmit the payment card token to the mobile walletsystem (e.g., via a customer information API 128) such that the paymentcard is provisioned to the mobile wallet.

Referring to FIG. 19 , a data control tower user interface 1900 isshown, according to an example embodiment. The user interface 1900 issimilar to the user interfaces 1700 and 1800. As such, like numbering isused between FIGS. 17 through 19 to designate like components of theuser interfaces 1700, 1800, and 1900. The user interface 1900 is shownas a displayed on the mobile device 200. As with the user interfaces1700 and 1800, the user interface 1900 includes the account toggle 1704and the channel toggle 1706. As shown by the bolded outline of thechannel toggle 1706, the channel toggle 1706 is selected. Accordingly,the user interface 1900 is a channel level management user interface.While in the channel level management user interface, the customer 102can select a channel that is paired with the financial institution 104via the drop down box 1802. As shown in FIG. 19 , the customer 102 hasselected a debit card as the channel to manage. The debit card channelof FIG. 19 has different manageable features than the mobile wallet ofFIG. 18 . Accordingly, the specific channel level management userinterfaces presented to the customer 102 while accessing the accesscontrol tower portal may differ depending on the channel selected by theuser.

The debit card specific user interface 1900 includes a linked accountdrop down box 1902. The linked account drop down box 1902 allows thecustomer 102 to change the account associated with the selected debitcard. As shown in FIG. 19 , the debit card is currently linked to achecking account ending in “5678”. If the customer 102 has additionaldemand deposit accounts with the financial institution 104, the customer102 selects a different account to associate the debit card with via thedrop down box 1902.

Additionally, the user interface 1900 includes a plurality of differentpurchase controls 1904. Each of the purchase controls 1904 includes atoggle slider 1906 that allows the customer 102 to activate ordeactivate a particular control associated with the debit card (where“Y” means the feature is active, and “N” means the feature is inactive).The purchase controls 1904 may include a point of sale control thateither permits or blocks the debit card from being used at a merchantpoint of sale system, an ATM control that either permits or blocks thedebit card from being used at an ATM, a mobile wallet control thateither permits or blocks the debit card from being used in a mobilewallet, a merchant e-commerce control that either permits or blocks thedebit card from being stored at a merchant e-commerce site as a storedpayment method, a travel fraud detection control that turns on or off afraud detection feature, and the like. The customer 102 can interactwith a given toggle slider 1906 to activate or deactivate the associatedpurchase control 1904. The available purchase controls may vary bychannel.

Referring now to FIG. 20 , an account control customer interface 2000 isshown, according to an example embodiment. In various embodiments, thecustomer is presented with the account user interface 2000 (e.g., viathe financial institution client application 208) upon the customerselecting an account on the data control tower interface 1000 describedwith respect to FIG. 10 . As shown, the account control customerinterface 2000 includes a listing of various controls associated with anaccount. As shown, a first toggle switch control 2002 is configured toreceive an input from the customer to turn off the account as a whole.As a result of receiving this input, the customer mobile device 200transmits a notification signal to the financial institution computingsystem 110, which in turn temporarily deactivates the customer's accountfrom use in any sort of transaction. This is particularly useful if thecustomer temporarily misplaces a card. Another set of toggle switches2004 provides the customer with a more particularized control Forexample, via the set of toggle switches 2004, the customer is able toturn the selected accounts on and off for international and UnitedStates payments. As shown, the selected account has been turned off forinternational transactions only. As such, upon receipt of a transactionrequest from an international payment network, the financial institutioncomputing system 110 would automatically deny the transaction request.This way, fraudulent international transaction activity can beprevented. Additionally, the customer needn't contact the financialinstitution to turn the account on prior to travelling internationally.

Another toggle switch 2006 enables the customer to turn the selectedaccount on and off for use in a particular mobile wallet. Thus, theaccount control interface 2000 may include a number of toggle switchessimilar to the toggle switch 2006 depending on the mobile wallets thatthe customer has registered for. In response to the customer switching acard off for a particular mobile wallet, the financial institutioncomputing system 110 may contact a token service provider associatedwith the mobile wallet (or contact the mobile wallet provider directly)to, for example, deactivate an account token to disable access. Invarious embodiments, the account control customer interface 2000includes many additional transaction controls. For example, the user maymanually restrict amounts, locations, times, and the like that the cardmay be turned off or turned on for use in transactions. As such, notonly does the financial institution client application 208 provide thecustomer with control over external entities that have access tocustomer account information, but it also provides the customer with anextensive amount of personal controls over each individual account.

The embodiments described herein have been described with reference todrawings. The drawings illustrate certain details of specificembodiments that implement the systems, methods and programs describedherein. However, describing the embodiments with drawings should not beconstrued as imposing on the disclosure any limitations that may bepresent in the drawings.

It should be understood that no claim element herein is to be construedunder the provisions of 35 U.S.C. § 112(f), unless the element isexpressly recited using the phrase “means for.”

As used herein, the term “circuit” may include hardware structured toexecute the functions described herein. In some embodiments, eachrespective “circuit” may include machine-readable media for configuringthe hardware to execute the functions described herein. The circuit maybe embodied as one or more circuitry components including, but notlimited to, processing circuitry, network interfaces, peripheraldevices, input devices, output devices, sensors, etc. In someembodiments, a circuit may take the form of one or more analog circuits,electronic circuits (e.g., integrated circuits (IC), discrete circuits,system on a chip (SOCs) circuits, etc.), telecommunication circuits,hybrid circuits, and any other type of “circuit.” In this regard, the“circuit” may include any type of component for accomplishing orfacilitating achievement of the operations described herein. Forexample, a circuit as described herein may include one or moretransistors, logic gates (e.g., NAND, AND, NOR, OR, XOR, NOT, XNOR,etc.), resistors, multiplexers, registers, capacitors, inductors,diodes, wiring, and so on).

The “circuit” may also include one or more dedicated processorscommunicatively coupled to one or more dedicated memory or memorydevices. In this regard, the one or more dedicated processors mayexecute instructions stored in the dedicated memory or may executeinstructions otherwise accessible to the one or more dedicatedprocessors. In some embodiments, the one or more dedicated processorsmay be embodied in various ways. The one or more dedicated processorsmay be constructed in a manner sufficient to perform at least theoperations described herein. In some embodiments, the one or morededicated processors may be shared by multiple circuits (e.g., circuit Aand circuit B may comprise or otherwise share the same processor which,in some example embodiments, may execute instructions stored, orotherwise accessed, via different areas of memory). Alternatively oradditionally, the one or more dedicated processors may be structured toperform or otherwise execute certain operations independent of one ormore co-processors. In other example embodiments, two or more processorsmay be coupled via a bus to enable independent, parallel, pipelined, ormulti-threaded instruction execution. Each processor may be implementedas one or more general-purpose processors, application specificintegrated circuits (ASICs), field programmable gate arrays (FPGAs),digital signal processors (DSPs), or other suitable electronic dataprocessing components structured to execute instructions provided bymemory. The one or more dedicated processors may take the form of asingle core processor, multi-core processor (e.g., a dual coreprocessor, triple core processor, quad core processor, etc.),microprocessor, etc.

Any foregoing references to currency or funds are intended to includefiat currencies, non-fiat currencies (e.g., precious metals), andmath-based currencies (often referred to as cryptocurrencies). Examplesof math-based currencies include Bitcoin, Litecoin, Dogecoin, and thelike.

It should be noted that although the diagrams herein may show a specificorder and composition of method steps, it is understood that the orderof these steps may differ from what is depicted. For example, two ormore steps may be performed concurrently or with partial concurrence.Also, some method steps that are performed as discrete steps may becombined, steps being performed as a combined step may be separated intodiscrete steps, the sequence of certain processes may be reversed orotherwise varied, and the nature or number of discrete processes may bealtered or varied. The order or sequence of any element or apparatus maybe varied or substituted according to alternative embodiments.Accordingly, all such modifications are intended to be included withinthe scope of the present disclosure as defined in the appended claims.

The foregoing description of embodiments has been presented for purposesof illustration and description. It is not intended to be exhaustive orto limit the disclosure to the precise form disclosed, and modificationsand variations are possible in light of the above teachings or may beacquired from this disclosure. The embodiments were chosen and describedin order to explain the principals of the disclosure and its practicalapplication to enable one skilled in the art to utilize the variousembodiments and with various modifications as are suited to theparticular use contemplated. Other substitutions, modifications, changesand omissions may be made in the design, operating conditions andarrangement of the embodiments without departing from the scope of thepresent disclosure as expressed in the appended claims

What is claimed is:
 1. A method of maintaining security, by a serviceprovider computing system, of account information accessible by aplurality of computing devices, the method comprising: receiving, by aservice provider computing system from a user device, a request to viewa set of device access permissions associated with a user accountadministered by the service provider computing system, the set of deviceaccess permissions identifying the plurality of computing devices thatmay request account information associated with the user account fromthe service provider computing system; generating, by the serviceprovider computing system, a listing of device identifiers stored inassociation with the user account, the device identifiers including afirst device identifier associated with a first device and a seconddevice identifier associated with a second device; transmitting, by theservice provider computing system, the access permission dataset to theuser device to facilitate a data control interface configured to presentthe listing of device identifiers via an input/output (I/O) device ofthe user device and to receive user inputs via the I/O device to changethe set of device access permissions for each computing device in thelisting of device identifiers; receiving, by the service providercomputing system, from the user device via the I/O device, a first userinput to change the set of device access permissions for the firstdevice to turn off account access by the first device, the first userinput including the first device identifier for the first device;updating, by the service provider computing system, the set of deviceaccess permissions stored in association with the user account toassociate an access denial indication for the first device with respectto the user account; receiving, by the service provider computingsystem, from the first device, a first access request for the accountinformation; determining, by the service provider computing system, thatthe set of device access permissions comprises the access denialindication for the first device with respect to the user account; inresponse to the determining that the set of device access permissionscomprises the access denial indication, denying, by the service providercomputing system, the first access request from the first device;receiving, by the service provider computing system, from the seconddevice, a second access request for the account information;determining, by the service provider computing system, that the set ofdevice access permissions grants the second device access to the accountinformation; and in response to determining that the set of deviceaccess permissions grants the second device access to the accountinformation, transmitting, by the service provider computing system, tothe second device, the account information requested by the secondaccess request.
 2. The method of claim 1, wherein the service providercomputing system is a financial institution computing system, and theaccount is a financial account.
 3. The method of claim 1, wherein atleast one of the first device and the second device is a smart device ofa user of the user device.
 4. The method of claim 1, wherein the datacontrol interface is provided via an application executing on the userdevice.
 5. The method of claim 1, wherein the device access permissionsidentify a merchant at which a user makes a payment.
 6. The method ofclaim 5, further comprising: receiving, by the service providercomputing system from the user device via the I/O device, a second userinput to change the set of device access permissions for the merchant,the second user input indicating a user preference to turn off paymentsto the merchant; and updating, by the service provider computing system,the set of device access permissions stored in association with the useraccount to disable payments to the merchant.
 7. The method of claim 6,further comprising: receiving, by the service provider computing system,a transaction authorization request from the merchant to authorize apayment from the user; determining, by the service provider computingsystem, that payments to the merchant have been disabled by the user;and in response to the determination, denying, by the service providercomputing system, the transaction authorization request.
 8. The methodof claim 1, further comprising: receiving, by the service providercomputing system from the user device, a second request to view accesspermissions that identify information that is stored at an externalcomputing system associated with a third-party.
 9. The method of claim8, further comprising: receiving, by the service provider computingsystem from the user device via the I/O device, a third user input toupdate the information that is stored at the external computing system;and in response to receiving the third user input, transmitting, by theservice provider computing system, a command to the external computingsystem to update the information that is stored at the externalcomputing system.
 10. The method of claim 9, wherein the third userinput indicates a user preference to remove the information that isstored at the external computing system from the external computingsystems, wherein the command is to delete the information that is storedat the external computing system.
 11. The method of claim 1, furthercomprising generating, by the service provider computing system, anaccess permission dataset based on the set of device access permissions,the access permission dataset comprising the listing of deviceidentifiers stored in association with the user account.
 12. A serviceprovider computing system associated with a service provider, comprisingone or more processors and a network interface configured to communicatedata over a network, the service provider computing system configuredto: receive, from a user device, a request to view a set of deviceaccess permissions associated with a user account administered by theservice provider computing system, the set of device access permissionsidentifying the plurality of computing devices that may request accountinformation associated with the user account from the service providercomputing system; generate a listing of device identifiers stored inassociation with the user account, the device identifiers including afirst device identifier associated with a first device and a seconddevice identifier associated with a second device; transmit the accesspermission dataset to the user device to facilitate a data controlinterface configured to present the listing of device identifiers via aninput/output (I/O) device of the user device and to receive user inputsvia the I/O device to change the set of device access permissions foreach computing device in the listing of device identifiers; receive,from the user device via the I/O device, a first user input to changethe set of device access permissions for the first device to turn offaccount access by the first device, the first user input including thefirst device identifier for the first device; update the set of deviceaccess permissions stored in association with the user account toassociate an access denial indication for the first device with respectto the user account; receiving, by the service provider computingsystem, from the first device, a first access request for the accountinformation; determine that the set of device access permissionscomprises the access denial indication for the first device with respectto the user account; in response to the determining that the set ofdevice access permissions comprises the access denial indication, denythe first access request from the first device; receive, from the seconddevice, a second access request for the account information; determinethat the set of device access permissions grants the second deviceaccess to the account information; and in response to determining thatthe set of device access permissions grants the second device access tothe account information, transmit, to the second device, the accountinformation requested by the second access request.
 13. The serviceprovider computing system of claim 11, wherein at least one of the firstdevice and the second device is a smart device of a user of the userdevice.
 14. The service provider computing system of claim 11, whereinthe data control interface is provided via an application executing onthe user device.
 15. The service provider computing system of claim 11,wherein the device access permissions identify a merchant at which auser makes a payment.
 16. The service provider computing system of claim15, wherein the service provider computing system is further configuredto: receive, by the network interface from the first device via the I/Odevice, a second user input to change the set of device accesspermissions for the merchant, the second user input indicating a userpreference to turn off payments to the merchant; and update the set ofdevice access permissions stored in association with the user account todisable payments to the merchant.
 17. The service provider computingsystem of claim 16, wherein the service provider computing system isfurther configured to: receive, by the network interface, a transactionauthorization request from the merchant to authorize a payment from theuser; determine that payments to the merchant have been disabled by theuser; and in response to the determination, deny the payment.
 18. Theservice provider computing system of claim 11, wherein the serviceprovider computing system is further configured to: receive, by thenetwork interface from the user device, a second permissions request toview a set of data access permissions that identify informationregarding the user that is stored at an external computing systemassociated with a third-party.
 19. The service provider computing systemof claim 18, wherein the service provider computing system is furtherconfigured to: receive, by the network interface from the user devicevia the I/O device, a third user input to update the information that isstored at the external computing system; and in response to receivingthe third user input, transmit, by the network interface, a command tothe external computing system to update the information that is storedat the external computing system.
 20. The service provider computingsystem of claim 19, wherein the third user input indicates a userpreference to remove the information that is stored at the externalcomputing system from the external computing system, wherein the commandis to delete the information that is stored at the external computingsystem.